HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', ussing 'start_date_formatted' y 'end_date_formatted' parameters.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation1 reference(s) from NVD